How to deploy a .NET MVC application with a Postgres server to a Digital Ocean Droplet via GitHub Action?

Posted on 2025-02-05 03:48:01 · 7514 words · 3 views · 0 comments

I have been hearing a lot about how I shouldn't deploy my apps manually. I deployed a static app recently from a GitHub Action to Netlify and it was incredibly convenient. The problem is that the new app I am deploying is a big dynamic .NET MVC app that uses a Postgres db and has migrations. I have previously run it from a Digital Ocean Droplet. I used to deploy it with the following steps:

UFW Configure

sudo ufw allow OpenSSH
sudo ufw allow http
sudo ufw allow https
sudo ufw allow 'Nginx Full'
sudo ufw enable

Certbot Setup

sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install python-certbot-nginx
sudo service nginx restart
sudo certbot --nginx -d MY-DOMAIN

Setup Nginx for Dotnet

/etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

/etc/nginx/sites-enabled/default

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#       listen 80;
#       listen [::]:80;
#
#       server_name example.com;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

/etc/nginx/proxy.conf

proxy_redirect          off;
proxy_set_header        Host $host;
proxy_set_header        X-Real-IP $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header        X-Forwarded-Proto $scheme;
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffers           32 4k;

Prepare Db

psql postgres
CREATE DATABASE <db_name_here>;
CREATE USER <user_name_here> WITH ENCRYPTED PASSWORD '<password_here>';
GRANT ALL PRIVILEGES ON DATABASE <db_name_here> TO <user_name_here>;

App Build

# Make sure the app has a Postgres connection string
dotnet restore
dotnet ef database update
dotnet publish --output ~/path/to/proj/dir/amaranth --configuration Release

Deploy By Creating A Service

Create a service by creating this file at /etc/systemd/system/amaranth.service

[Unit]
Description=A .NET App running on Ubuntu

[Service]
#WorkingDirectory=/var/www/html/
WorkingDirectory=/home/myusername/path/to/proj/dir/amaranth/
ExecStart=/usr/bin/dotnet /home/myusername/path/to/proj/dir/amaranth/amaranth.dll
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=dotnet-example
User=myusername
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false

[Install]
WantedBy=multi-user.target

Then run sudo systemctl start amaranth.service

As you can see by reading the above, this is a somewhat exhausting process. The first 3/4 steps (UFW Configure, Certbot Setup, Setup Nginx for Dotnet, and possibly Prepare Db) all only need to be run once and therefore don't need to be automated.

I would love to know of a way to automate the last 2 steps, App Build and Deploy By Creating A Service, whether it be by making a GitHub Action workflow or a Dockerfile that completes these tasks for me.

Also, just in general, I'm looking for a simpler/safer way to deploy my .NET MVC app, even if that means completely changing the deployment pipeline. I would love it if someone could explain to me the most efficient way to deploy a .NET MVC website with a Postgres database like my own on a Digital Ocean Droplet (or comparable Linux server) in the most streamlined, least bug-prone way. So how could I deploy this? Also, are there any obvious security vulnerabilities in this process or in any of my configuration files?
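
Added example, not part of the original post: a small shell audit of the two files the question asks about. It flags the TLS 1.0/1.1 entries (deprecated by RFC 8996) in the posted `ssl_protocols` line and reports which sandboxing directives `amaranth.service` lacks; the function names, the hardening baseline and the trimmed sample files are assumptions made for this example.

```bash
# Static checks for the posted nginx.conf and amaranth.service.
# Function names and the baseline below are this example's own choices.

# Echo the deprecated protocols enabled by active ssl_protocols directives.
weak_tls_protocols() {
    awk '{ sub(/#.*/, "") }                 # drop comments, fields are re-split
         $1 == "ssl_protocols" {
             for (i = 2; i <= NF; i++) {
                 p = $i; sub(/;$/, "", p)
                 if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                     out = out (out ? " " : "") p
             }
         }
         END { print out }' "$1"
}

# Echo the baseline sandboxing directives that the unit file does not set.
missing_unit_hardening() {
    missing=""
    for d in NoNewPrivileges ProtectSystem ProtectHome PrivateTmp; do
        grep -Eq "^[[:space:]]*$d=" "$1" || missing="$missing${missing:+ }$d"
    done
    echo "$missing"
}

# Succeed when the service runs out of /home, which ProtectHome=yes would hide.
runs_from_home() {
    grep -Eq '^[[:space:]]*(WorkingDirectory|ExecStart)=.*/home/' "$1"
}

# SAMPLE INPUT (constructed): lines trimmed from the files in the question,
# plus one commented-out directive to show that comments are ignored.
tmp=$(mktemp -d)
cat > "$tmp/nginx.conf" <<'EOF'
        # ssl_protocols SSLv3;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
EOF
cat > "$tmp/amaranth.service" <<'EOF'
[Service]
#WorkingDirectory=/var/www/html/
WorkingDirectory=/home/myusername/path/to/proj/dir/amaranth/
ExecStart=/usr/bin/dotnet /home/myusername/path/to/proj/dir/amaranth/amaranth.dll
EOF

echo "deprecated TLS enabled: $(weak_tls_protocols "$tmp/nginx.conf")"
echo "unit does not set:      $(missing_unit_hardening "$tmp/amaranth.service")"
runs_from_home "$tmp/amaranth.service" && echo "unit runs from /home"
```

Because the unit runs from `/home/myusername`, `ProtectHome=yes` can only be enabled after the publish directory moves outside `/home`.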
